Tiyeni Encrypt, bungwe loyang'aniridwa ndi anthu osapeza phindu lomwe limapereka ziphaso zaulere kwa aliyense, lalengeza kuchepetsedwa pang'onopang'ono kwa nthawi yovomerezeka ya ziphaso zake za TLS kuyambira masiku 90 mpaka 45. Pa February 10, 2027, kutsimikizika kwa satifiketi kudzachepetsedwa kukhala masiku 64, ndipo pa February 16, 2028, mpaka masiku 45. Satifiketi yosankha ya masiku 45 ipezeka pa Meyi 13, 2026.
Nthawi yomweyo, nthawi yovomerezeka idzachepetsedwa pang'onopang'ono: pa February 10, 2027, idzachepetsedwa kuchoka pa masiku 30 kufika pa 10, ndipo pa February 16, 2028, idzachepetsedwa kuchoka pa masiku 10 kufika pa maola 7. Nthawi yovomerezeka imafotokozedwa ngati nthawi yomwe ufulu wanu utsimikizika domain, pomwe satifiketi ikhoza kuperekedwa popanda kutsimikiziridwanso. Pambuyo pa nthawiyi, kutsimikizira kwatsopano kumafunika.
Chifukwa chomwe chatchulidwa chakuchepetsa kutsimikizika kwa satifiketi ndi zofunikira zatsopano zochokera ku CA/Browser Forum, zomwe mavenda asakatuli ndi ma CA ayenera kutsatira. Nthawi yofupikitsidwa yofananayo idzakhazikitsidwa ndi ma CA onse. Bungwe la CA/Browser Forum lakhazikitsa tsiku lomaliza la Marichi 2029 kuti amalize kukhazikitsa, komanso satifiketi yotsimikizika yamasiku 47. Pambuyo pa Marichi 2029, asakatuli abweza zolakwika za "ERR_CERT_VALIDITY_TOO_LONG" pokonza ziphaso zatsopano zokhala ndi nthawi yovomerezeka yopitilira masiku 47.
Ubwino wosinthira ku ziphaso zaufupi umaphatikizapo kutha kuchepetsa nthawi yomwe imatengera kukhazikitsa ma aligorivimu atsopano a cryptographic ngati zofooka zapezeka zomwe zilipo kale, komanso chitetezo chokwanira. Mwachitsanzo, ngati chiphaso sichidziwika panthawi yachinyengo, ziphaso zanthawi yayitali zimalepheretsa oukirawo kuti asayang'anire kuchuluka kwa anthu omwe akuzunzidwa kwa nthawi yayitali kapena kugwiritsa ntchito ziphaso kuti azembe. Kutsimikizika kwa umwini wa domeni pafupipafupi komanso nthawi zazifupi zovomerezeka za satifiketi zidzachepetsanso mwayi woti satifiketiyo ikhalabe yovomerezeka chidziwitso chomwe chili nacho chitatha ndikuchepetsa chiopsezo chogawa ziphaso zoperekedwa molakwika.
Chifukwa chakufupikitsa kwa nthawi yovomerezeka ya satifiketi, Let's Encrypt yalimbikitsa kuti ogwiritsa ntchito asinthe makina owongolera satifiketi m'malo mowakonzanso pamanja. Ogwiritsa ntchito kale makina azida akuyenera kuwonetsetsa kuti zida zawo zimathandizira ziphaso zokhala ndi nthawi zazifupi zovomerezeka. Kuti mugwirizanitse kukonzanso kwa satifiketi kwakanthawi kochepa, olamulira atha kugwiritsa ntchito kukulitsa kwa protocol ya ACME Renewal Information (ARI), yomwe imawalola kuti alandire zidziwitso zokhudzana ndi kukonzanso satifiketi ndikusankha nthawi yabwino yokonzanso. Ndikofunikiranso kukhazikitsa njira yowunikira kuti muzindikire nthawi zomwe satifiketiyo siinakonzedwenso munthawi yake.
Kuti muchepetse chitsimikiziro cha umwini wa domain, pulojekiti ya Let Encrypt ikukonzekera kukhazikitsa njira yotsimikizira ya DNS-PERSIST-01 yatsopano mu 2026. Mosiyana ndi HTTP-01 ndi DNS-01, njirayi sifunikira kukonzanso zambiri nthawi iliyonse kapena kufuna kuti kasitomala wa ACME akhale ndi mwayi wogwiritsa ntchito intaneti kapena seva ya DNS. Ndi PERSIST-01, kungowonjezera mbiri yeniyeni ya TXT ku DNS ('_validation-persist.example.com. IN TXT("ca.example;" » accounturi=https://ca.example/acct/123")) kamodzi ndizokwanira, ndipo kasitomala wa ACME adzatha kutsimikizira popanda kukonzanso deta ya DNS.
Source: opennet.ru
